Skip to content

Architecture: a kernel and seven contracts

Aegis v2 is built on one structural bet: the kernel knows nothing about what the pipeline does. It knows how to discover plugins, validate typed configuration, resolve secrets, and compile a request pipeline into a graph. Everything with an opinion — which providers exist, what the guardrails check, where vectors live, how credentials resolve, who a request belongs to — is a plugin implementing one of seven published contracts:

Contract Job
ModelProvider complete / stream / embed against any model backend
Guardrail scan content, return a verdict
VectorStoreProvider RAG storage
EmbeddingProvider RAG embedding
SecretProvider resolve secret:// references at config load
PipelineNode arbitrary middleware in the request graph
Authenticator resolve request credentials into a Principal (shipped by aegis-server)

Discovery uses Python entry points — the pytest/Flake8 model. A third-party package declares an entry point in its pyproject.toml and Aegis finds it at startup with zero core changes. Boring, standard, and proven at ecosystem scale.

Why the pipeline is a graph

The request lifecycle is a LangGraph StateGraph, not a call chain. That choice buys four things at once: conditional routing (compliance rules become auditable graph edges, not buried if statements), checkpointing (runs survive restarts), human-in-the-loop interrupts (a guardrail can pause a request instead of only blocking it), and streaming. It also collapses two concepts into one: a gateway request and an agent run are the same abstraction, so agentic workloads are additional nodes, not a second system.

Policy packs are the proof

Every governance feature Aegis ships — data classification, residency, budgets, PII masking — is an optional policy pack built only on the public contracts, enforced by an import-linter rule in CI. If a flagship feature cannot be built on the public interface, the interface is wrong. The packs are the permanent, executable proof that it isn't.

What this is not

Single-tenant by design (principal-aware, not multi-tenant — see identity levels). No bundled local inference: the provider contract leaves the slot open. No baked-in observability stack: OpenTelemetry at the core, exporters as plugins. Built on LangGraph, not competing with it.